CVE-2024-33004 MEDIUM

CVE-2024-33004: Insecure Storage vulnerability in SAP BusinessObjects Business Intelligence Platform (Webservices)

Vendor Sap_Se
Product SAP BusinessObjects Business Intelligence Platform (Webservices)
Weakness CWE-524
Published May 14, 2024
Last update September 28, 2024

CVSS base score

4.3/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on Confidentiality, Integrity and Availability of the application.

Key dates

02Disclosure timeline

May 14, 2024 CVE published
September 28, 2024 Record updated

Related vulnerabilities

04Related CVE